sscat

Honorary Members
  • Posts: 25
  • Reputation: 0 Neutral
  1. Sorry it took a bit to get back here... here's that link: http://speccy.piriform.com/results/EAyLtpeI88daVyn0UNYcdp4
  2. Thanks for that... right now I have 11 svchosts, no dll's, 2 iexplorers, so I guess from what you've said that should be 'normal' with only this window & task mgr up. I've never been asked about, or noticed, the disk type? (Never knew it existed; I guess there was never any reason to know, or to do any research on how to determine it.) Where would I find this information? I don't know what either of them mean? Stand for? Sorry, just something else to learn...
  3. Hi, it seems to be running well overall, but just a few concerns? When I run disk defrag it will freeze the cp. It has run a few times but takes hours, and the last two times it froze at the 1% point & froze any other windows... not allowing anything (even task mgr or start menu) to come up. Also wanted to know, in general, how many iexplorers should my system have running in tasks, & same with svchosts? Should there ever be dllhosts in task mgr? What would be the reason for less or more... what do they correspond to, please? IT JUST FROZE AGAIN ABOUT 4 MIN - NO DEFRAG RUNNING & JUST ONE WINDOW OPEN, oops caps. Thanks for any input... cat
  4. ...just a note: Most of these programs/tools installed to check viruses / scan security etc. are downloaded onto a thumbnail drive. Does that matter? I believe only Malwarebytes and ComboFix were actually downloaded to my cp. For the purpose of that quarantine delete I moved all the FRST programs/logs to my desktop just to be sure that fix would work, but using Delfix... How should I handle removal of any of the other tools, if it is necessary?
  5. Here is the fixlog:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2014
     Ran by scaredycat at 2014-10-29 09:13:27 Run:1
     Running from C:\Documents and Settings\scaredycat\Desktop
     Loaded Profile: scaredycat (Available profiles: scaredycat & Administrator)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     DeleteQuarantine:
     *****************

     "C:\FRST\Quarantine" => removed successfully.

     ==== End of Fixlog ====
  6. Well, I've tried most of the day to download this tool and have noticed that it's not just this specific page that displays this error. Many pages accessed through links do the same thing. I've done lots of research and tried all sorts of fixes... disabling add-ons, deleting temp files & running TFC, trying different security settings etc. Hopefully you'll have some pro insight?! Thanks
  7. Great news! Problem though... whenever I click the Delfix link or use open in new window... the page "Internet Explorer cannot display the webpage" is opened. I also had a heck of a time getting ESET to download with not allowing ActiveX to be installed. I finally ticked the right box in tools/internet options and had to add it to 'trusted site'. Any advice?
  8. ESET logs:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # product=EOS
     # version=8
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.7623
     # api_version=3.0.2
     # EOSSerial=37b2e64c37b5ca4488c5d04362bc6f69
     # engine=20801
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2014-10-27 10:39:53
     # local_time=2014-10-27 06:39:53 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode_1='avast! Antivirus'
     # compatibility_mode=783 16777213 71 95 0 521197 0 0
     # scanned=50747
     # found=4
     # cleaned=0
     # scan_time=15387
     sh=B130611C92788337C4F6BB9E9454FF06EB409166 ft=1 fh=fdd15917d80bb266 vn="a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application" ac=I fn="C:\Documents and Settings\Administrator\Desktop\AA_v3.exe"
     sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Documents and Settings\scaredycat\My Documents\a SETUP-INSTALLED Downloads CLEAN-UPDATE TOOLS\cbsidlm-tr1_13-Adblock_IE-SEO-75650179.exe"
     sh=6525F85F423A8ACB9DE261FCE7C1BFDCAF0651EC ft=1 fh=e751b5239200023c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Documents and Settings\scaredycat\My Documents\a SETUP-INSTALLED Downloads CLEAN-UPDATE TOOLS\ccsetup404.exe"
     sh=9663CAB5F4802FDAD8C719864F2E390BB99F195C ft=1 fh=02a711254bf91c09 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Documents and Settings\scaredycat\My Documents\a SETUP-INSTALLED Downloads CLEAN-UPDATE TOOLS\My Pro Downloads-Shortcuts\ccsetup316.exe"
  9. Hi Naat, hope you had a nice weekend. Here are the Malwarebytes & Security Check logs. ESET will take some time so sending these first. Hopefully all is looking well! Thanks

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 10/27/2014
     Scan Time: 3:40:36 AM
     Logfile: MBAM 10-27.txt
     Administrator: Yes

     Version: 2.00.3.1025
     Malware Database: v2014.10.27.01
     Rootkit Database: v2014.10.22.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Self-protection: Disabled

     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: scaredycat

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 325772
     Time Elapsed: 27 min, 58 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 0
     (No malicious items detected)

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     Results of screen317's Security Check version 0.99.89
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     CCleaner
     Java 7 Update 67
     Adobe Reader XI
     Google Chrome 38.0.2125.104
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
  10. Here are the two logs:

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2014
     Ran by scaredycat (administrator) on COMPAQXPPRO on 26-10-2014 14:53:02
     Running from E:\a SETUP-INSTALLED Downloads CLEAN-UPDATE TOOLS\MY CP CLEAN-UPDATE RUN TOOLS-USE
     Loaded Profile: scaredycat (Available profiles: scaredycat & Administrator)
     Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
     Internet Explorer Version 8
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (GlavSoft LLC.) C:\Program Files\ShowMyPCService\tvnserver.exe
     (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
     (TP-LINK TECHNOLOGIES CO., LTD) C:\Program Files\TP-LINK\TWCU\TWCU.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
     (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

     ==================== Registry (Whitelisted) ==================
     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     HKLM\...\Run: [TWCU] => C:\Program Files\TP-LINK\TWCU\TWCU.exe [348160 2006-03-15] (TP-LINK TECHNOLOGIES CO., LTD)
     HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
     HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-20] (AVAST Software)
     HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
     HKLM\...\Winlogon: [uIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-08-21] ( (Microsoft Corporation))
     HKU\S-1-5-21-1508681193-3317570181-2872596689-1005\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-10-20] (Google Inc.)
     ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

     ==================== Internet (Whitelisted) ====================
     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5C468AB2ADECCF01
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://us-mg5.mail.yahoo.com/neo/b/launch?.rand=5r1av1hllpvpk
     SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
     BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
     BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
     Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
     Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352100596515
     DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} https://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
     ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     Tcpip\..\Interfaces\{4CFF72CD-4B0B-4ABB-8D88-0B67B5E43B08}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
     Tcpip\..\Interfaces\{DACEC59A-6D3C-4F66-8E5A-3B3E4D951047}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

     FireFox:
     ========
     FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\scaredycat\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
     FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-20]

     Chrome:
     =======
     CHR Profile: C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default
     CHR Extension: (Google Docs) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-20]
     CHR Extension: (Google Drive) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-20]
     CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
     CHR Extension: (YouTube) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-20]
     CHR Extension: (Google Search) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-20]
     CHR Extension: (avast! Online Security) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-20]
     CHR Extension: (Google Wallet) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-20]
     CHR Extension: (Gmail) - C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-20]
     CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-20]

     ========================== Services (Whitelisted) =================
     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     S3 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-08-05] () [File not signed]
     S4 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [182808 2008-02-13] (Intel Corporation)
     R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-20] (AVAST Software)
     S3 brmfrmps; C:\WINDOWS\system32\Brmfrmps.exe [65536 2003-05-05] (Brother Industries, Ltd.) [File not signed]
     S3 Brother XP spl Service; C:\WINDOWS\system32\brsvc01a.exe [57344 2002-04-12] (brother Industries Ltd)
     S3 idsvc; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [864256 2007-10-11] (Microsoft Corporation) [File not signed]
     S3 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-21] (Oracle Corporation)
     S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-08-22] (Hewlett-Packard Company) [File not signed]
     S4 LMS; C:\Program Files\Intel\AMT\LMS.exe [109080 2008-02-13] (Intel)
     S3 NetTcpPortSharing; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [122880 2007-10-11] (Microsoft Corporation) [File not signed]
     R2 tvnserver; C:\Program Files\ShowMyPCService\tvnserver.exe [815704 2013-11-21] (GlavSoft LLC.)
     S3 ufad-ws60; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)
     S4 UNS; C:\Program Files\Intel\AMT\UNS.exe [2525720 2008-02-13] (Intel)
     S3 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [113200 2009-10-22] (VMware, Inc.)
     S3 VMnetDHCP; C:\WINDOWS\system32\vmnetdhcp.exe [334384 2009-10-22] (VMware, Inc.)
     S3 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-22] (VMware, Inc.)
     S3 VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [395824 2009-10-22] (VMware, Inc.)

     ==================== Drivers (Whitelisted) ====================
     (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2013-07-23] (Meetinghouse Data Communications) [File not signed]
     S3 AR5523; C:\WINDOWS\System32\DRIVERS\ar5523.sys [354432 2007-01-25] (Atheros Communications, Inc.)
     R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-20] ()
     R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-20] (AVAST Software)
     R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-20] (AVAST Software)
     R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-20] ()
     R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-10-20] (AVAST Software)
     R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-20] (AVAST Software)
     R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-20] (AVAST Software)
     R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-20] ()
     S3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15263 2003-12-19] (Brother Industries Ltd.)
     R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [876384 2007-03-31] (Broadcom Corporation.)
     R2 hcmon; C:\WINDOWS\system32\drivers\hcmon.sys [32304 2009-10-22] (VMware, Inc.)
     R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [36352 2007-04-07] (Infineon Technologies AG)
     S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
     S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [28632 2009-09-21] (Intel Corporation ) [File not signed]
     R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
     S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-08-07] ()
     R3 vmkbd; C:\WINDOWS\system32\drivers\VMkbd.sys [23216 2009-10-22] (VMware, Inc.)
     R3 VMnetAdapter; C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys [16560 2009-10-22] (VMware, Inc.)
     R2 VMnetBridge; C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys [32688 2009-10-22] (VMware, Inc.)
     R2 VMnetuserif; C:\WINDOWS\system32\drivers\vmnetuserif.sys [26288 2009-10-22] (VMware, Inc.)
     R2 VMparport; C:\WINDOWS\system32\Drivers\VMparport.sys [14896 2009-10-22] (VMware, Inc.)
     S3 vmusb; C:\WINDOWS\System32\Drivers\vmusb.sys [31280 2009-10-22] (VMware, Inc.)
     R2 vmx86; C:\WINDOWS\system32\Drivers\vmx86.sys [853936 2009-10-22] (VMware, Inc.)
     R2 vstor2-mntapi10; C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [22576 2009-11-03] (VMware, Inc.)
     R2 vstor2-ws60; C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [22448 2009-10-12] (VMware, Inc.)
     S3 catchme; \??\C:\DOCUME~1\SCARED~1\LOCALS~1\Temp\catchme.sys [X]
     S4 IntelIde; No ImagePath

     ==================== NetSvcs (Whitelisted) ===================
     (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     ==================== One Month Created Files and Folders ========
     (If an entry is included in the fixlist, the file\folder will be moved.)
     2014-10-25 20:57 - 2014-10-26 14:53 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\temp
     2014-10-25 20:57 - 2014-10-25 20:57 - 00018536 _____ () C:\ComboFix.txt
     2014-10-25 20:57 - 2014-10-25 20:57 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
     2014-10-25 20:57 - 2014-10-25 20:57 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
     2014-10-25 20:57 - 2014-10-25 20:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp
     2014-10-25 20:37 - 2014-05-08 03:47 - 00000211 _____ () C:\Boot.bak
     2014-10-25 20:36 - 2014-10-25 20:37 - 00000000 _RSHD () C:\cmdcons
     2014-10-25 20:36 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
     2014-10-25 20:31 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
     2014-10-25 20:31 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
     2014-10-25 20:31 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
     2014-10-25 20:31 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
     2014-10-25 20:31 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
     2014-10-25 20:31 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
     2014-10-25 20:31 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
     2014-10-25 20:31 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
     2014-10-25 20:31 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
     2014-10-25 17:19 - 2014-10-25 20:57 - 00000000 ____D () C:\Qoobox
     2014-10-25 17:14 - 2014-10-25 20:56 - 00000000 ____D () C:\WINDOWS\erdnt
     2014-10-25 17:08 - 2014-10-25 17:09 - 05583977 _____ (Swearware) C:\Documents and Settings\scaredycat\Desktop\ComboFix.exe
     2014-10-25 15:03 - 2014-10-25 17:20 - 00001635 _____ () C:\WINDOWS\setupapi.log
     2014-10-25 15:02 - 2014-10-25 17:20 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
     2014-10-25 15:01 - 2014-10-25 15:01 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
     2014-10-25 03:39 - 2014-10-25 03:39 - 00098304 _____ () C:\WINDOWS\Minidump\Mini102514-01.dmp
     2014-10-24 16:40 - 2014-10-24 16:40 - 00000560 _____ () C:\Documents and Settings\scaredycat\Desktop\Constant dllhost.exe 32 problems - Page 3 - Malware Removal Help - Malwarebytes Forum.url
     2014-10-24 15:40 - 2014-10-24 15:40 - 00000406 _____ () C:\Documents and Settings\scaredycat\Desktop\Poweliks removal with RogueKiller.url
     2014-10-24 14:33 - 2014-10-24 14:34 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
     2014-10-24 14:33 - 2014-10-24 14:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
     2014-10-24 13:53 - 2014-10-24 13:53 - 00000000 ____D () C:\TDSSKiller_Quarantine
     2014-10-24 04:41 - 2014-10-24 04:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini102414-01.dmp
     2014-10-24 03:09 - 2014-10-24 04:40 - 1610416020 _____ () C:\avenger.txt
     2014-10-24 02:57 - 2014-10-26 14:53 - 00000000 ____D () C:\FRST
     2014-10-24 02:04 - 2014-10-24 02:04 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
     2014-10-24 02:04 - 2014-10-24 02:04 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
     2014-10-24 02:04 - 2014-10-24 02:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
     2014-10-24 02:04 - 2014-10-01 11:11 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
     2014-10-24 02:04 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
     2014-10-24 01:37 - 2014-10-25 03:57 - 00000745 _____ () C:\Documents and Settings\scaredycat\Desktop\yikes! MBRCidox-E - Agent-AULA - Kryptik-OMG Malware-gen Dropper-gen Rootkit-gen - Fake MS - TDSS.v2 Poweliks - Malware Removal Help - Malwarebytes Forum.url
     2014-10-21 20:25 - 2014-10-21 20:26 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\Application Data\Citrix
     2014-10-21 16:42 - 2014-10-21 16:42 - 00000000 ____D () C:\Documents and Settings\scaredycat\Application Data\IObit
     2014-10-21 04:55 - 2014-10-21 04:55 - 00003714 _____ () C:\WINDOWS\KB2964358-IE8.log
     2014-10-21 04:53 - 2014-10-21 04:55 - 00003543 _____ () C:\WINDOWS\KB2936068-IE8.log
     2014-10-21 03:19 - 2014-10-21 03:19 - 00000000 ____D () C:\Program Files\Common Files\Java
     2014-10-21 03:19 - 2014-10-21 03:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
     2014-10-21 03:19 - 2014-10-21 03:18 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
     2014-10-21 03:19 - 2014-10-21 03:18 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
     2014-10-21 03:19 - 2014-10-21 03:18 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
     2014-10-21 03:19 - 2014-10-21 03:18 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
     2014-10-21 03:19 - 2014-10-21 03:18 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
     2014-10-21 03:18 - 2014-10-21 03:18 - 00000000 ____D () C:\Program Files\Java
     2014-10-21 03:16 - 2014-10-26 14:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
     2014-10-20 22:01 - 2014-10-20 22:01 - 00003229 _____ () C:\Documents and Settings\scaredycat\My Documents\free_av_9.0.2021_2014-10-20_15-37-56.avastconfig
     2014-10-20 20:38 - 2014-10-20 20:38 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
     2014-10-20 20:01 - 2014-10-20 20:00 - 02998336 _____ (TeamViewer) C:\Documents and Settings\scaredycat\Desktop\RemoteDesktop.exe
     2014-10-20 19:37 - 2014-10-20 19:37 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\Application Data\Temp
     2014-10-20 19:34 - 2014-10-20 19:34 - 00000000 ____D () C:\Documents and Settings\scaredycat\Application Data\AVAST Software
     2014-10-20 17:55 - 2014-10-20 17:55 - 00001740 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
     2014-10-20 17:55 - 2014-10-20 17:55 - 00000000 ____D () C:\WINDOWS\jumpshot.com
     2014-10-20 17:55 - 2014-10-20 17:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avast
     2014-10-20 17:54 - 2014-10-26 09:12 - 00000372 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
     2014-10-20 17:53 - 2014-10-20 17:54 - 00414520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
     2014-10-20 17:53 - 2014-10-20 17:53 - 00779536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
     2014-10-20 17:53 - 2014-10-20 17:53 - 00276432 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
     2014-10-20 17:53 - 2014-10-20 17:53 - 00192352 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
     2014-10-20 17:53 - 2014-10-20 17:53 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
     2014-10-20 17:53 - 2014-10-20 17:53 - 00057800 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
     2014-10-20 17:53 - 2014-10-20 17:53 - 00055112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
     2014-10-20 17:53 - 2014-10-20 17:53 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
     2014-10-20 17:53 - 2014-10-20 17:53 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
     2014-10-20 17:53 - 2014-10-20 17:53 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
     2014-10-20 17:50 - 2014-10-20 17:50 - 00000000 ____D () C:\Program Files\AVAST Software
     2014-10-20 17:46 - 2014-10-20 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
     2014-10-20 17:42 - 2014-10-20 17:42 - 00001820 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
     2014-10-20 17:42 - 2014-10-20 17:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
     2014-10-20 17:35 - 2014-10-26 14:52 - 00000432 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{F9291DC1-967C-4335-8B82-D83AAEBACF2C}.job
     2014-10-20 17:27 - 2014-10-20 17:27 - 00000000 ____D () C:\Documents and Settings\scaredycat\Application Data\TeamViewer
     2014-10-20 16:57 - 2014-10-20 16:57 - 00764184 _____ (Ammyy LLC) C:\Documents and Settings\Administrator\Desktop\AA_v3.exe
     2014-10-18 18:28 - 2014-10-18 21:33 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
     2014-10-17 23:04 - 2014-10-17 23:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\MICROSOFT Team READ This
     2014-10-17 21:32 - 2014-10-20 16:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
     2014-10-17 20:58 - 2014-10-17 20:58 - 00001324 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
     2014-10-17 19:13 - 2014-10-26 08:30 - 00407898 _____ () C:\WINDOWS\WindowsUpdate.log
     2014-10-17 19:13 - 2014-10-26 08:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
     2014-10-17 19:13 - 2014-10-26 08:28 - 00000050 _____ () C:\WINDOWS\wiaservc.log
     2014-10-17 19:13 - 2014-10-17 19:13 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
     2014-10-17 19:12 - 2014-10-26 06:01 - 00032520 _____ () C:\WINDOWS\SchedLgU.Txt
     2014-10-17 18:30 - 2014-10-17 18:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Malwarebytes
     2014-10-17 17:48 - 2014-10-23 23:20 - 00000000 ____D () C:\Program Files\Citrix
     2014-10-17 17:47 - 2014-10-17 21:23 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix
     2014-10-17 17:35 - 2014-10-17 17:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AMMYY
     2014-10-17 17:10 - 2014-10-17 17:10 - 00000600 _____ () C:\Documents and Settings\Administrator\PUTTY.RND
     2014-10-17 16:06 - 2014-10-17 16:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\TightVNC
     2014-10-17 16:03 - 2014-10-17 16:06 - 00000000 ____D () C:\Program Files\ShowMyPCService
     2014-10-17 16:01 - 2014-10-17 16:01 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\ShowMyPC
     2014-10-17 16:00 - 2014-10-17 21:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
     2014-10-17 15:53 - 2014-10-17 15:53 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
     2014-10-17 15:51 - 2014-10-17 15:51 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
     2014-10-17 15:51 - 2014-10-17 15:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
     2014-10-17 08:12 - 2014-10-17 08:12 - 00000000 ____D () C:\Documents and Settings\scaredycat\Application Data\Malwarebytes
     2014-10-17 08:10 - 2014-10-17 18:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
     2014-10-17 07:47 - 2014-10-17 07:47 - 00000393 _____ () C:\Documents and Settings\scaredycat\Desktop\Bad, Bad Rootkit.TDSS.v2 - Page 2.url
     2014-10-16 23:15 - 2014-10-25 03:47 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
     2014-10-01 05:33 - 2014-10-01 05:33 - 00000353 _____ () C:\Documents and Settings\scaredycat\Desktop\PC TOOLS INTERNET SECURITY SERIALS FREE ! WORKS FOR 2012 - 2015 - YouTube.url
     2014-10-01 04:51 - 2014-10-01 04:51 - 00000353 _____ () C:\Documents and Settings\scaredycat\Desktop\PC Tools Spyware Doctor 2013 License Key - YouTube.url
     2014-10-01 04:39 - 2014-10-01 04:39 - 00000260 _____ () C:\Documents and Settings\scaredycat\Desktop\Important Announcement Loyalty Norton Offer for PC Tools Security Customers.url
     2014-10-01 04:22 - 2014-10-24 15:41 - 00002818 _____ () C:\Documents and Settings\scaredycat\Desktop\Download PC Performance & Computer Registry Software PC Tools by Symantec.url
     2014-10-01 04:19 - 2014-10-01 04:19 - 02869099 _____ () C:\Documents and Settings\scaredycat\Desktop\pct issetup.exe

     ==================== One Month Modified Files and Folders =======
     (If an entry is included in the fixlist, the file\folder will be moved.)
     2014-10-26 14:17 - 2012-11-06 16:10 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
     2014-10-26 09:11 - 2012-11-06 16:10 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
     2014-10-26 09:11 - 2008-08-21 08:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
     2014-10-26 08:33 - 2010-08-12 07:34 - 00475622 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
     2014-10-26 08:28 - 2010-08-12 14:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
     2014-10-26 06:01 - 2012-11-03 20:37 - 00000178 ___SH () C:\Documents and Settings\scaredycat\ntuser.ini
     2014-10-26 00:34 - 2012-11-05 20:38 - 02162688 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
     2014-10-26 00:33 - 2012-11-03 20:37 - 00000000 ____D () C:\Documents and Settings\scaredycat
     2014-10-25 20:55 - 2008-08-21 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
     2014-10-25 20:37 - 2010-08-12 07:32 - 00000327 __RSH () C:\boot.ini
     2014-10-25 19:53 - 2013-07-02 23:34 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
     2014-10-25 15:30 - 2012-11-03 20:37 - 00001606 _____ () C:\Documents and Settings\scaredycat\Start Menu\Programs\Remote Assistance.lnk
     2014-10-25 15:20 - 2012-11-07 17:30 - 00001561 _____ () C:\Documents and Settings\scaredycat\Desktop\Disk Defragmenter.lnk
     2014-10-25 15:20 - 2010-04-01 04:06 - 00001510 _____ () C:\Documents and Settings\scaredycat\Desktop\Paint.lnk
     2014-10-25 15:19 - 2010-08-12 14:49 - 00001614 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
     2014-10-25 15:19 - 2010-08-12 14:49 - 00001606 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
     2014-10-25 15:19 - 2010-08-12 14:49 - 00001514 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
     2014-10-25 15:15 - 2010-08-12 14:56 - 00001606 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
     2014-10-25 03:39 - 2012-11-03 23:35 - 00000000 ____D () C:\WINDOWS\Minidump
     2014-10-24 03:56 - 2014-08-24 14:34 - 00000353 _____ () C:\Documents and Settings\scaredycat\Desktop\eBayISAPI.dllViewItemDescV4&item=161341628353&t=1398717899000&tid=10&category=20749&seller=lea-land&excSoj=1&excTrk=1&lsite=0&ittenable=false&domain=ebay.com&descgauge=1.url
     2014-10-23 18:45 - 2012-11-06 16:09 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\Application Data\Deployment
     2014-10-23 17:54 - 2013-12-28 03:53 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
     2014-10-21 18:07 - 2013-04-16 03:30 - 00000000 ____D () C:\Documents and Settings\scaredycat\My Documents\a SETUP-INSTALLED Downloads CLEAN-UPDATE TOOLS
     2014-10-21 17:32 - 2014-02-27 04:07 - 00081920 ___SH () C:\Documents and Settings\scaredycat\Desktop\Thumbs.db
     2014-10-21 13:36 - 2013-07-31 23:29 - 00000000 ___HD () C:\BJPrinter
     2014-10-21 05:05 - 2013-07-23 04:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
     2014-10-21 04:56 - 2012-11-03 21:50 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
     2014-10-21 03:16 - 2013-07-23 05:36 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
     2014-10-21 03:16 - 2013-07-23 05:36 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
     2014-10-20 20:38 - 2012-11-06 16:10 - 00000000 ____D () C:\Program Files\Google
     2014-10-20 17:01 - 2012-11-03 22:34 - 00000000 ____D () C:\Program Files\Common Files\PC Tools
     2014-10-20 17:00 - 2010-08-12 14:56 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
     2014-10-20 16:51 - 2012-11-03 22:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\PC Tools
     2014-10-20 16:44 - 2010-08-23 13:27 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
     2014-10-20 13:27 - 2010-08-12 07:28 - 00000000 ____D () C:\WINDOWS\Connection Wizard
     2014-10-19 20:58 - 2010-08-12 07:28 - 00000000 ____D () C:\WINDOWS\system
     2014-10-19 16:54 - 2014-08-07 02:38 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\Application Data\SlimWare Utilities Inc
     2014-10-19 16:46 - 2010-08-12 07:28 - 00000000 ____D () C:\WINDOWS\Cursors
     2014-10-19 04:06 - 2013-07-02 23:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
     2014-10-18 18:20 - 2012-11-03 21:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
     2014-10-18 15:57 - 2012-11-06 16:10 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google
     2014-10-18 15:26 - 2013-07-23 03:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850851$
     2014-10-18 15:06 - 2013-04-16 04:11 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\Application Data\MGTEK
     2014-10-18 15:05 - 2012-11-03 22:58 - 00000000 ____D () C:\Documents and Settings\scaredycat\Local Settings\Application Data\Threat Expert
     2014-10-18 12:34 - 2010-08-18 18:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
     2014-10-17 19:25 - 2013-08-12 01:36 - 00000000 __SHD () C:\WINDOWS\CSC
     2014-10-17 17:58 - 2010-08-12 14:56 - 00000000 ____D () C:\Documents and Settings\Administrator
     2014-10-17 03:40 - 2012-11-22 04:57 - 00425984 ___SH () C:\Documents and Settings\scaredycat\My
Documents\Thumbs.db 2014-10-16 02:05 - 2013-10-01 05:57 - 00000470 _____ () C:\Documents and Settings\scaredycat\Desktop\Walmart.com Walmart Financing Offer.url 2014-10-16 02:04 - 2014-09-11 03:39 - 00002682 _____ () C:\Documents and Settings\scaredycat\Desktop\About Cordless Tool Batteries - Popular models - Tips to extend the life of your cordless tool battery.url 2014-10-06 03:48 - 2014-04-08 04:36 - 00000000 ____D () C:\Documents and Settings\scaredycat\My Documents\SPS Mod 2014-09-29 04:52 - 2012-11-21 04:16 - 00000000 ____D () C:\Documents and Settings\scaredycat\My Documents\Turbo Lister Backup ZeroAccess: C:\Documents and Settings\scaredycat\Local Settings\Application Data\Google\Desktop\Install ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2014 Ran by scaredycat at 2014-10-26 14:53:46 Running from E:\a SETUP-INSTALLED Downloads CLEAN-UPDATE TOOLS\MY CP CLEAN-UPDATE RUN TOOLS-USE Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! 
Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software) Bluetooth by hp (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.1.0.3300 - HP) Brother MFL-Pro Suite (HKLM\...\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}) (Version: 1.00.000 - ) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Citrix Online Launcher (HKLM\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix) DoNotTrackMe Add-on 3.2.1166 (HKLM\...\DoNotTrackMe Add-on_is1) (Version: 3.2.1166 - Abine Inc) Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.5 - Google Inc.) 
Hidden HP Flat Panel Monitor INF Software 4.00 (HKLM\...\{EBA0C587-D976-4D71-8976-0743EDE14F10}) (Version: - ) HP Softpaq SP46137 (HKLM\...\SP46137) (Version: - ) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel® Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel® Network Connections 14.6.10.0 (HKLM\...\{CCC68887-6E07-4438-A035-7C22EFBDC15E}) (Version: 14.6.10.0 - Intel) Intel® Active Management Technology (HKLM\...\MESOL) (Version: - Intel Corporation) InterVideo WinDVD (HKLM\...\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}) (Version: 5.0-B11.285 - InterVideo Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden LightScribe System Software 1.14.25.1 (HKLM\...\{DA9DAC64-C947-47BA-B411-8A1959B177CF}) (Version: 1.14.25.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - ) Microsoft .NET Framework 2.0 Service Pack 1 (HKLM\...\{B508B3F1-A24A-32C0-B310-85786919EF28}) (Version: 2.1.21022 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 1 (HKLM\...\{2BA00471-0328-3743-93BD-FA813353A783}) (Version: 3.1.21022 - Microsoft Corporation) Microsoft .NET Framework 3.5 (HKLM\...\Microsoft .NET Framework 3.5) (Version: - Microsoft Corporation) Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.5880 - Analog Devices) TP-LINK Wireless Client Utility Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: - TP-LINK) Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) VMware Player (HKLM\...\{A53A11EA-0095-493F-86FA-A15E8A86A405}) (Version: 3.0.0.9911 - VMware, Inc.) VMware Virtual Disk Development Kit (HKLM\...\{547EB317-F9FC-4571-B66A-83B3C9D6A2C8}) (Version: 1.00.0000 - VMware, Inc.) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Driver Package - Intel (E1000) Net (08/20/2008 8.10.3.0) (HKLM\...\3A5CA951EF665845B5AD1156BD88090C7A4F3E57) (Version: 08/20/2008 8.10.3.0 - Intel) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden ==================== 
Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1508681193-3317570181-2872596689-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================
24-10-2014 07:12:14 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.3.1025
24-10-2014 10:33:56 System Checkpoint
25-10-2014 18:03:03 System Checkpoint
25-10-2014 19:02:55 Installed SpyHunter
25-10-2014 21:17:38 Revo Uninstaller's restore point - SpyHunter
25-10-2014 21:20:00 Revo Uninstaller's restore point - SpyHunter
25-10-2014 21:21:01 Removed SpyHunter
25-10-2014 21:22:57 Revo Uninstaller's restore point - SpyHunter
25-10-2014 21:24:34 Revo Uninstaller's restore point - SpyHunter

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-08-21 08:00 - 2014-10-25 20:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{F9291DC1-967C-4335-8B82-D83AAEBACF2C}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============
2014-10-20 17:53 - 2014-10-20 17:53 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-25 17:31 - 2014-10-25 17:31 - 02897920 _____ () C:\Program Files\AVAST Software\Avast\defs\14102501\algo.dll
2014-10-20 17:53 - 2014-10-20 17:53 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SoundMAX => "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VMware hqtray => "C:\Program Files\VMware\VMware Player\hqtray.exe"

========================= Accounts: ==========================
Administrator (S-1-5-21-1508681193-3317570181-2872596689-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1508681193-3317570181-2872596689-1006 - Limited - Enabled)
Guest (S-1-5-21-1508681193-3317570181-2872596689-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1508681193-3317570181-2872596689-1004 - Limited - Disabled)
scaredycat (S-1-5-21-1508681193-3317570181-2872596689-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\scaredycat
SUPPORT_388945a0 (S-1-5-21-1508681193-3317570181-2872596689-1002 - Limited - Disabled)
__vmware_user__ (S-1-5-21-1508681193-3317570181-2872596689-1008 - Limited - Enabled)

==================== Faulty Device Manager Devices =============
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Class Guid: {4D36E96B-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Description: Class Guid: {4D36E96E-E325-11CE-BFC1-08002BE10318} Manufacturer: COMPAQ Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/20/2014 08:10:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/20/2014 08:10:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application mbam.exe, version 1.0.0.532, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/20/2014 07:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/19/2014 06:15:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [explorer.exe!ws!] 
Error: (10/19/2014 02:33:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/19/2014 01:38:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/19/2014 01:38:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/19/2014 01:21:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/19/2014 01:05:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/19/2014 01:04:49 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
System errors: ============= Error: (10/26/2014 08:28:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (10/26/2014 08:28:29 AM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000022cleaning.iniHarddiskVolume1 Error: (10/26/2014 03:46:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (10/26/2014 03:45:55 AM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000022avast5.iniHarddiskVolume1 Error: (10/26/2014 00:36:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: i8042prt Error: (10/26/2014 00:35:53 AM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000022avast5.iniHarddiskVolume1 Error: (10/25/2014 05:38:02 PM) (Source: System Error) (EventID: 1003) (User: ) Description: Error code 100000d1, parameter1 0000000c, parameter2 00000005, parameter3 00000001, parameter4 b9edc5f7. Error: (10/25/2014 05:36:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout. Error: (10/25/2014 05:35:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout. Error: (10/25/2014 05:35:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout. 
Microsoft Office Sessions: ========================= Error: (10/20/2014 08:10:38 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: mbam.exe1.0.0.532hungapp0.0.0.000000000 Error: (10/20/2014 08:10:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: mbam.exe1.0.0.532hungapp0.0.0.000000000 Error: (10/20/2014 07:44:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (10/19/2014 06:15:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: explorer.exe6.0.2900.55120.0.0.000000000 Error: (10/19/2014 02:33:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000 Error: (10/19/2014 01:38:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000 Error: (10/19/2014 01:38:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000 Error: (10/19/2014 01:21:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000 Error: (10/19/2014 01:05:41 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000 Error: (10/19/2014 01:04:49 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000 ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz Percentage of memory in use: 27% Total physical RAM: 2018.23 MB Available physical RAM: 1466.48 MB Total Pagefile: 3911.2 MB Available Pagefile: 3489.39 MB Total Virtual: 2047.88 MB Available Virtual: 1929.86 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:149.05 GB) (Free:87.04 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive e: () (Removable) 
(Total:15.01 GB) (Free:3.98 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 9F0DAB10)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
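A triage pass over the two logs in this thread, as an added example: it is not part of the original post and not code from FRST or ComboFix, and the sample lines it carries are copied from the FRST Addition log above and the ComboFix log the poster attaches further down, one entry per line. It pulls out the four things a helper would act on first: several remote-control tools (ShowMyPCService, TightVNC, PuTTY's seed file, AMMYY) created within a couple of hours of each other on 2014-10-17; two services (SMPCHelper, tvnserver) permitted to start in Safe Mode with Networking; the Security Center overrides and EnableFirewall=0; and the CLSID ComboFix removed as Poweliks matching the COM server the System log reports timing out (DCOM 10010). The watch-list of tool names and the six-hour clustering window are assumptions of this example, not anything the logs state.

```python
"""Triage pass over FRST / ComboFix log lines (added example; not code from either tool)."""
import re
from datetime import datetime

# Constructed sample: entries copied from the FRST Addition log and the ComboFix log in
# this thread, one per line (their single-line flattening undone).
SAMPLE_FRST = r"""
2014-10-17 17:35 - 2014-10-17 17:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AMMYY
2014-10-17 17:10 - 2014-10-17 17:10 - 00000600 _____ () C:\Documents and Settings\Administrator\PUTTY.RND
2014-10-17 16:06 - 2014-10-17 16:06 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\TightVNC
2014-10-17 16:03 - 2014-10-17 16:06 - 00000000 ____D () C:\Program Files\ShowMyPCService
2014-10-21 04:56 - 2012-11-03 21:50 - 100290944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
Error: (10/25/2014 05:36:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.
"""
SAMPLE_COMBOFIX = r"""
CLSID={73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} - infected with Poweliks and removed.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"""

FRST_ENTRY = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
                        r"(?P<size>\d{8,}) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$")
SAFEBOOT = re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(?P<mode>Minimal|Network)\\(?P<name>\S+) =>")
DCOM_TIMEOUT = re.compile(r"\(EventID: 10010\).*?The server (?P<clsid>\{[0-9A-F-]{36}\}) did not register")
CF_INFECTED = re.compile(r"^CLSID=(?P<clsid>\{[0-9A-F-]{36}\}) - infected with (?P<family>\w+)")
FW_PROFILE = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
REMOTE_ACCESS_MARKERS = ("ammyy", "tightvnc", "showmypc", "teamviewer", "putty")  # assumed watch-list

def dword(value):
    """'dword:00000001' -> 1; anything that is not a REGEDIT4 dword -> None."""
    return int(value[6:], 16) if value and value.lower().startswith("dword:") else None

def parse_frst(text):
    """File entries with parsed timestamps, SafeBoot services, and CLSIDs from DCOM 10010 events."""
    entries, safeboot, dcom_timeouts = [], [], []
    for line in text.splitlines():
        if m := FRST_ENTRY.match(line):
            e = m.groupdict()
            e["created"] = datetime.strptime(e["created"], "%Y-%m-%d %H:%M")
            e["size"] = int(e["size"])
            entries.append(e)
        elif m := SAFEBOOT.match(line):
            safeboot.append((m["mode"], m["name"]))
        elif m := DCOM_TIMEOUT.search(line):
            dcom_timeouts.append(m["clsid"])
    return entries, safeboot, dcom_timeouts

def parse_combofix(text):
    """Registry dump as {key: {name: raw value}} plus {clsid: family} for removed COM hijacks."""
    keys, infected, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if m := CF_INFECTED.match(line):
            infected[m["clsid"]] = m["family"]
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"') and '"=' in line:
            name, _, value = line[1:].partition('"=')
            keys[current][name] = value.strip()
    return keys, infected

def remote_access_clusters(entries, window_hours=6):
    """Group remote-control artefacts created within window_hours of the group's first one."""
    hits = sorted((e for e in entries if any(mk in e["path"].lower() for mk in REMOTE_ACCESS_MARKERS)),
                  key=lambda e: e["created"])
    clusters = []
    for e in hits:
        if clusters and (e["created"] - clusters[-1][0]["created"]).total_seconds() <= window_hours * 3600:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters

def findings(frst_text, combofix_text, window_hours=6):
    """Human-readable findings drawn from both logs, in a fixed order."""
    entries, safeboot, dcom = parse_frst(frst_text)
    reg, infected = parse_combofix(combofix_text)
    out = []
    for cluster in remote_access_clusters(entries, window_hours):
        names = ", ".join(e["path"].rsplit("\\", 1)[-1] for e in cluster)
        out.append(f"remote-access cluster starting {cluster[0]['created']:%Y-%m-%d %H:%M}: {names}")
    out += [f"safeboot: {svc} starts in Safe Mode ({mode})" for mode, svc in safeboot]  # survives a Safe Mode cleanup boot
    sc = reg.get(r"HKEY_LOCAL_MACHINE\software\microsoft\security center", {})
    out += [f"security center: {n}=1 (missing-protection warning suppressed)"
            for n in ("AntiVirusOverride", "FirewallOverride") if dword(sc.get(n)) == 1]
    if reg.get(FW_PROFILE, {}).get("EnableFirewall", "").startswith("0"):
        out.append("firewall: EnableFirewall=0 in the standard profile")
    for value in reg.get(FW_PROFILE + r"\GloballyOpenPorts\List", {}).values():
        port, proto, _scope, state, desc = value.split(":", 4)  # report the rule's own state, do not assume it is open
        out.append(f"firewall rule {port}/{proto} {state}: {desc}")
    out += [f"dcom 10010 timeout for {c} matches ComboFix removal ({infected[c]})" for c in dcom if c in infected]
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_FRST, SAMPLE_COMBOFIX)))
```

Run as a script it prints the eight findings for the sample. The parsers take raw log text, so the same functions work on a complete FRST.txt, Addition.txt or ComboFix.txt; the 5985/TCP rule is reported with the state the log gives it (Disabled here) rather than assumed open, and a lone PuTTY or TeamViewer entry still shows up, only as a cluster of one.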
  11. My antivirus Avast found the Cidox after the ComboFix but was able this time to fix it. It "Moved to Chest" ....which it was never able to do previously so that seems good news?! I'm going to run FRST when I return, have to run out for a little bit. Thanks ...cat
  12. ok, here it is: ComboFix 14-10-24.01 - scaredycat 10/25/2014 20:38:44.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2018.1244 [GMT -4:00] Running from: e:\a setup-installed downloads clean-update tools\MY CP CLEAN-UPDATE RUN TOOLS-USE\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\chrome.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\chrome_child.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\chrome_elf.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\d3dcompiler_43.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\d3dcompiler_46.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\delegate_execute.exe c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\ffmpegsumo.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\libegl.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\libexif.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\libglesv2.dll c:\documents and 
settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\libpeerconnection.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\metro_driver.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\nacl64.exe c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\pdf.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\PepperFlash\pepflashplayer.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\ppgooglenaclpluginchrome.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\widevinecdmadapter.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\36.0.1985.143\xinput1_3.dll c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\Etfzuaer.exe c:\documents and settings\scaredycat\Local Settings\Application Data\Identities\Gdqtspfnolwi\Bkgajrs\rundll32.exe C:\END c:\program files\Internet Explorer\SET680.tmp c:\program files\Internet Explorer\SET685.tmp c:\windows\system32\_000005_.tmp.dll c:\windows\system32\_000006_.tmp.dll c:\windows\system32\_000007_.tmp.dll c:\windows\system32\_000008_.tmp.dll c:\windows\system32\_000009_.tmp.dll c:\windows\system32\_000010_.tmp.dll c:\windows\system32\_000011_.tmp.dll c:\windows\system32\_000012_.tmp.dll c:\windows\system32\_000013_.tmp.dll c:\windows\system32\_000014_.tmp.dll c:\windows\system32\_000015_.tmp.dll c:\windows\system32\_000016_.tmp.dll c:\windows\system32\Thumbs.db c:\windows\wininit.ini . . CLSID={73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} - infected with Poweliks and removed. . 
((((((((((((((((((((((((( Files Created from 2014-09-26 to 2014-10-26 ))))))))))))))))))))))))))))))) . . 2014-10-25 19:02 . 2014-10-25 21:20 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP 2014-10-25 19:01 . 2014-10-25 19:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2014-10-24 18:33 . 2014-10-24 18:34 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-10-24 18:33 . 2014-10-24 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller 2014-10-24 17:53 . 2014-10-24 17:53 -------- d-----w- C:\TDSSKiller_Quarantine 2014-10-24 06:57 . 2014-10-24 08:10 -------- d-----w- C:\FRST 2014-10-24 06:04 . 2014-10-24 06:04 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-10-24 06:04 . 2014-10-24 06:04 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-10-24 06:04 . 2014-10-01 15:11 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-10-24 06:04 . 2014-10-01 15:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-10-22 00:25 . 2014-10-22 00:26 -------- d-----w- c:\documents and settings\scaredycat\Local Settings\Application Data\Citrix 2014-10-21 20:42 . 2014-10-21 20:42 -------- d-----w- c:\documents and settings\scaredycat\Application Data\IObit 2014-10-21 07:19 . 2014-10-21 07:19 -------- d-----w- c:\program files\Common Files\Java 2014-10-21 07:19 . 2014-10-21 07:18 145408 ----a-w- c:\windows\system32\javacpl.cpl 2014-10-21 07:19 . 2014-10-21 07:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-10-21 07:18 . 2014-10-21 07:18 -------- d-----w- c:\program files\Java 2014-10-20 23:37 . 2014-10-20 23:37 -------- d-----w- c:\documents and settings\scaredycat\Local Settings\Application Data\Temp 2014-10-20 23:34 . 2014-10-20 23:34 -------- d-----w- c:\documents and settings\scaredycat\Application Data\AVAST Software 2014-10-20 21:55 . 2014-10-20 21:55 -------- d-----w- c:\windows\jumpshot.com 2014-10-20 21:53 . 
2014-10-20 21:53 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-20 21:53 . 2014-10-20 21:53 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-10-20 21:53 . 2014-10-20 21:53 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-20 21:53 . 2014-10-20 21:54 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-20 21:53 . 2014-10-20 21:53 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-20 21:53 . 2014-10-20 21:53 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-20 21:53 . 2014-10-20 21:53 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-20 21:53 . 2014-10-20 21:53 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-10-20 21:53 . 2014-10-20 21:53 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-20 21:53 . 2014-10-20 21:53 43152 ----a-w- c:\windows\avastSS.scr
2014-10-20 21:50 . 2014-10-20 21:50 -------- d-----w- c:\program files\AVAST Software
2014-10-20 21:46 . 2014-10-20 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-10-20 21:27 . 2014-10-20 21:27 -------- d-----w- c:\documents and settings\scaredycat\Application Data\TeamViewer
2014-10-18 22:28 . 2014-10-19 01:33 110296 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-10-18 01:32 . 2014-10-20 20:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2014-10-18 00:58 . 2014-10-18 00:58 1324 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\d3d9caps.tmp
2014-10-17 22:30 . 2014-10-17 22:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2014-10-17 21:48 . 2014-10-24 03:20 -------- d-----w- c:\program files\Citrix
2014-10-17 21:47 . 2014-10-18 01:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Citrix
2014-10-17 21:35 . 2014-10-17 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AMMYY
2014-10-17 20:06 . 2014-10-17 20:06 -------- d-----w- c:\documents and settings\LocalService\Application Data\TightVNC
2014-10-17 20:03 . 2014-10-17 20:06 -------- d-----w- c:\program files\ShowMyPCService
2014-10-17 20:00 . 2014-10-18 01:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2014-10-17 19:51 . 2014-10-17 19:51 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2014-10-17 12:12 . 2014-10-17 12:12 -------- d-----w- c:\documents and settings\scaredycat\Application Data\Malwarebytes
2014-10-17 12:10 . 2014-10-17 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-21 07:16 . 2013-07-23 09:36 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-21 07:16 . 2013-07-23 09:36 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-07 06:38 . 2014-08-07 06:38 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-20 21:53 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-10-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-12 172032]
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" [2006-03-15 348160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-20 4085896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-12-12 17:05 143360 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-12-12 17:05 143360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-07-17 20:10 888832 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-12-11 20:08 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-07-25 16:29 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2014-10-21 00:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2009-10-22 09:43 64048 ----a-w- c:\program files\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"atchksrv"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VMware\\VMware Player\\vmware-authd.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [10/20/2014 5:53 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [10/20/2014 5:53 PM 192352]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 2:14 PM 24064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/20/2014 5:53 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [10/20/2014 5:53 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [10/20/2014 5:53 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/20/2014 5:53 PM 67824]
R2 tvnserver;TightVNC Server;c:\program files\ShowMyPCService\tvnserver.exe [11/21/2013 3:24 PM 815704]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [10/22/2009 5:45 AM 70704]
R2 vstor2-mntapi10;Vstor2 vix Disk Tools Virtual Storage Driver;c:\program files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys [11/3/2009 2:30 PM 22576]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [8/17/2010 1:07 PM 36352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/24/2014 2:04 AM 23256]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/7/2014 2:38 AM 13464]
S3 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [10/22/2009 4:47 AM 563760]
S4 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [8/18/2010 3:57 PM 2525720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 21:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-20 21:39 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-07 07:16]
.
2014-10-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-20 21:53]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-06 20:10]
.
2014-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-06 20:10]
.
2014-10-26 c:\windows\Tasks\User_Feed_Synchronization-{F9291DC1-967C-4335-8B82-D83AAEBACF2C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://us-mg5.mail.yahoo.com/neo/b/launch?.rand=5r1av1hllpvpk
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4CFF72CD-4B0B-4ABB-8D88-0B67B5E43B08}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{DACEC59A-6D3C-4F66-8E5A-3B3E4D951047}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-18932647.sys
SafeBoot-33199515.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-25 20:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1508681193-3317570181-2872596689-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-10-25 20:57:14
ComboFix-quarantined-files.txt 2014-10-26 00:57
.
Pre-Run: 87,393,386,496 bytes free
Post-Run: 93,370,683,392 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 29927218503AE345E865F0213E3BAE44
390BC326F8DC9CA4922C5FB5BE1BFE42
  13. hmmm... It never finished again (maybe 2-3hrs?). I think it stuck at the same point, if I remember the first correctly too, which is scanning a dll possibly and 'comuid' or something similar. When I went to open this page I got a blue screen with lots of numbers ...many 0's I saw quickly, then it went blank or gray and rebooted itself. Before this scan all the dllhosts in task mgr were gone but now they're back by the dozen. I'm worried any fixing is now back to stage one again? The 1st & 2nd scan (I did post the 1st earlier) did show an infection, and this one a trojan, not the cidox ...but it may not have gotten far enough in either case to find it if it's still there. Hope this isn't terrible news? Sure doesn't look good. I'm going to stop the dll's again for now because I have to sign off for a while & I believe the cp is better without them. Maybe turn it off too. Let me know what you suggest next & I'll get to it asap. Sorry. I was beginning to see some light but now?? Thanks again for the help here!